PL | ES | EN

Cashless.pl ·

Cinkciarz has stopped operating — but what happened to the data of hundreds of thousands of its customers?

On 2025-10-27 Cashless.pl covered: GDPR, data security, FinTech.

Cinkciarz has stopped operating — but what happened to the data of hundreds of thousands of its customers?

O czym mówiliśmy

On 2025-10-27 Cashless.pl examined GDPR, data security and FinTech. The case mattered to businesses because such regulations shape not only the wording of legal documents, but also the design of sales, payments, security and customer-communication processes. The discussion focused on the practical consequences of implementation and the risks arising from an overly narrow or overly formal reading of the rules. The outlet asked Tomasz Klecor for comment on the topic of the publication.

Co podkreślaliśmy

  • The GDPR continues to apply even after the controller suspends operational activity.

    Customer data should be secured, deleted or anonymised once the legal basis for further processing has ceased to apply.

  • Enforcing obligations against a failing company is, in practice, often limited.

    A UODO fine or a civil claim may prove of little use when there is no cooperation from the people who actually control the systems.

  • The issue of fintech customers' data will keep returning as the scale of digital services grows.

    Producing new rules will not by itself replace user education and the careful selection of entities entrusted with sensitive information.

Najczęstsze pytania

What is a personal data breach under the GDPR?
A personal data breach is an incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. The GDPR covers both data leaks and loss of availability, e.g. after a ransomware attack or a system misconfiguration.
Go to publication Back to the list